@mclaus - I woyulkd suggest, just as we do with credit cards, that an order and the card information are sent separately. That way at least two parts of the system have to be comproimised before damage can be done.